Here is a breakdown of everything you need to know about Microsoft's new cloud-based PC management and security platform aimed at midmarket companies.
By Shane O'Neill
Microsoft yesterday announced Windows Intune, a cloud-based PC management and security service designed for the midmarket.
Through a Web-based console that can be accessed anywhere an Internet connection is available, IT administrators can manage the deployment of Microsoft updates and service packs to all PCs, keep track of hardware and software inventory, fix PC issues remotely, manage protection from malware threats and set security policies.
Microsoft is aiming the cloud-based Windows Intune squarely at companies with 25 to 500 PCs, as businesses of this size typically don’t have the resources to manage and configure servers in an on-premise desktop management environment.
Here are answers to some common questions about Windows Intune and what midmarket IT managers can expect.
What exactly can I do with the Windows Intune cloud service?
From Windows Intune’s Web-based console, IT admins can:
Manage updates — Centrally manage the deployment of Microsoft updates and service packs to all PCs from the Windows Intune console — freeing up IT staff from routine management tasks.
Protect PCs from malware — Help defend PCs from malware threats with centralized protection built on the Microsoft Malware Protection Engine using the same technologies as Microsoft Forefront Endpoint Protection and Microsoft Security Essentials.
Proactively monitor PCs — Receive alerts on updates and threats so that IT can find and resolve PC issues before they harm end users.
Provide remote assistance — Help resolve PC issues, no matter where IT staff or business users are located, using remote assistance through a program called Microsoft Easy Assist.
Track hardware and software inventory — Track hardware and software assets to efficiently manage inventory, licenses and compliance.
Set security policies — Centrally manage update, firewall, and malware protection settings across all PCs, even on remote machines outside the corporate network.
How do you set up Windows Intune?
Because Windows Intune is a cloud service, there is no on-site infrastructure to deploy. This means you can start managing a PC right away.
[ For complete coverage on Microsoft’s new Windows 7 operating system — including hands-on reviews, video tutorials and advice on enterprise rollouts — see CIO.com’s Windows 7 Bible. ]
To get the beta, sign up for a trial here. Sign in to the Windows Intune administration console Web page, and then download the management client and install it on any PC you want to manage.
What is unique about Windows Intune?
In addition to being a cloud-based PC management and security service, Windows Intune also provides access to Windows 7 Enterprise upgrades as part of the subscription. On top of that you can download troubleshooting, security policy configuration, and virtualization tools and run them in the Windows Intune environment.
What kind of alerts does Windows Intune provide?
IT admins can view alerts by the alert type, by PC groups, or on an individual PC basis. You can use filters to view security alerts of specific levels and also show alerts that are active or that have been closed. Some predefined alerts available in the beta include:
–Security alerts that let you know the second there is a threat, so that IT can take care of it immediately.
–Update alerts that notify IT when new updates are available and can then track deployment progress so IT knows which PCs have downloaded the update.
–Alerts that lets IT know if PCs are running low on disk space, so that they can upgrade hardware before a user runs out of space.
How will IT admins be alerted through Windows Intune when a user needs assistance?
IT administrators can have alerts forwarded to their e-mail so that they are immediately notified of potential issues and requests for remote assistance even when they aren’t logged into the Windows Intune Web console. IT admins can view all active alerts when they log into the Web console and click on the System Overview and Alerts Overview pages.
Why Should I trust a cloud-based service?
Security is clearly the main concern among IT managers when it comes to the cloud. But Microsoft, for its part, touts that its Online Services, including Windows Intune, run in data centers protected by many layers of security, including: Internet protocols such as HTTPS (Hypertext Transfer Protocol Secure); redundant servers in spread out geographically; backup data centers that can be switched to if disaster strikes; encrypted data center channels; and a guaranteed service level agreement of 99.9 percent uptime.
What are the Windows 7 Enterprise upgrade rights included in Windows Intune?
All PCs managed by Windows Intune may be upgraded to Windows 7 Enterprise as long as they meet the minimum system requirements for Windows 7.
In addition to Windows 7 upgrade rights, Windows Intune customers will have rights to upgrade to future versions of Windows, as well as the right to downgrade to older versions.
Do I have to upgrade to Windows 7 Enterprise to use Windows Intune?
No. IT managers can upgrade to Windows 7 Enterprise when they are ready, or can use a previous version.
Can I use the Windows Intune cloud service to upgrade my PCs to Windows 7 Enterprise?
No. Windows Intune does not actually perform Windows operating system upgrades or deployments, but it does provide license rights to perform an upgrade on each subscribed PCs.
To install Windows 7 Enterprise, you will be given access to a Web site to download Windows media and activation keys that can be used to upgrade PCs. Upgrade directions for midsize businesses are available on the Microsoft TechNet site.
What are the additional management tools included in Windows Intune?
Windows Intune customers can download and use advanced PC management tools delivered through MDOP (Microsoft Desktop Optimization Pack), Microsoft’s enterprise suite that helps IT departments manage multiple Windows 7 machines across a corporate network.
Normally, MDOP is only for enterprises that use Microsoft’s SA (software assurance) program, but Microsoft has made it available for Windows Intune customers. MDOP tools include: App-V (Microsoft Application Virtualization), MED-V (Microsoft Enterprise Desktop Virtualization), AGPM (Microsoft Advanced Group Policy Management), DaRT (Microsoft Diagnostics and Recovery Toolset).
Are these MDOP capabilities delivered via the Windows Intune cloud service?
No, these tools are available for Windows Intune customers to download and use in addition to using the cloud service. DaRT, for instance, is run by booting a PC from a DVD into a troubleshooting environment. Other tools, such as AGPM, require on-site infrastructure.
Do I need to deploy MDOP in order to use the Windows Intune cloud service?
No, the use of the MDOP tools is optional. IT can choose to download and use the tools at any time.
How can I sign up for a beta?
You can sign up for the Windows Intune cloud service beta online on Microsoft’s Web site. This is a limited beta for up to 1,000 customers in the United States, Canada, Mexico and Puerto Rico, and customers in these regions will be able to sign up for the beta until May 16, 2010, or until all 1,000 beta openings have been filled.
How many PCs can I manage with my Windows Intune cloud service beta account?
You may manage up to 20 PCs during the beta trial period.
How do I use the Windows Intune beta on my company PCs?
The Windows Intune cloud service beta requires the client software to be installed on each PC that IT would like to manage. IT can distribute the client by direct downloads, via a private share, or using a flash drive.
What are the operating system requirements for Windows Intune?
The Windows Intune client software is supported on both 32-bit and 64-bit versions of Windows 7 Enterprise, Ultimate, and Professional; Windows Vista Enterprise, Ultimate, and Business; and Windows XP Professional with Service Pack (SP) 2, though SP3 is recommended.
Installing Windows Intune on Windows 7 and Windows Vista has no additional hardware requirements, but to install it using Windows XP will require a CPU clock speed of 500 MHz or faster and a minimum of at least 256MB of RAM.
Also, to use Windows Intune IT administrators will need use a Web browser that supports Silverlight 3.0.
Can I use Windows Intune malware protection to replace my current antivirus software?
Yes, Windows Intune can replace your current malware protection. Microsoft recommendeds this approach because it will give IT administrators access to the malware protection policies and reporting capabilities of Windows Intune.
Can I run the malware protection alongside my current antivirus application?
If your current malware protection package is integrated with the Windows Security Center in Windows Vista or the Action Center in Windows 7, then the malware protection component of Windows Intune will disable itself and the status of the Security Center or Action Center will be reported to the Windows Intune console. You will still need to manage the third-party malware protection’s update and scanning policies as these cannot be controlled by Windows Intune.
Will Windows Intune work if I currently use PC management software from a different provider?
Yes, Microsoft says there is no technical reason preventing Windows Intune from working with PC management suites from another vendor.
How much will Windows Intune cost, and how will it be purchased?
Pricing and licensing details are not yet available. Windows Intune will be sold like other cloud services from Microsoft — through Microsoft partners and the Microsoft Online Services Web site.
When Will Windows Intune be available?
A limited beta of Windows Intune for up to 1,000 customers in the United States, Canada, Mexico and Puerto Rico was announced on April 19. Customers in these regions will be able to sign up for the beta until May 16, 2010.The final Windows Intune product will be commercially available within one year of the beta, according to Microsoft.